Total
302532 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-42760 | 1 Ellevo | 1 Ellevo | 2025-07-10 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component. | |||||
| CVE-2024-39924 | 1 Dani-garcia | 1 Vaultwarden | 2025-07-10 | N/A | 8.8 HIGH |
| An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate their privileges by changing the access level and modifying the wait time. Consequently, the attacker can gain full control over the vault (when only intended to have read access) while bypassing the necessary wait period. | |||||
| CVE-2024-39925 | 1 Dani-garcia | 1 Vaultwarden | 2025-07-10 | N/A | 6.5 MEDIUM |
| An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a copy of the organization key. Additionally, the application fails to adequately protect some encrypted data stored on the server. Consequently, an authenticated user could gain unauthorized access to encrypted data of any organization, even if the user is not a member of the targeted organization. However, the user would need to know the corresponding organizationId. Hence, if a user (whose access to an organization has been revoked) already possesses the organization key, that user could use the key to decrypt the leaked data. | |||||
| CVE-2024-39926 | 1 Dani-garcia | 1 Vaultwarden | 2025-07-10 | N/A | 5.4 MEDIUM |
| An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attacker to inject malicious code into the dashboard, which is then executed or rendered in the context of an administrator's browser when viewing the injected content. However, it is important to note that the default Content Security Policy (CSP) of the application blocks most exploitation paths, significantly mitigating the potential impact. | |||||
| CVE-2024-42404 | 1 Welcart | 1 Welcart E-commerce | 2025-07-10 | N/A | 8.8 HIGH |
| SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database. | |||||
| CVE-2024-45366 | 1 Welcart | 1 Welcart E-commerce | 2025-07-10 | N/A | 6.1 MEDIUM |
| Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser. | |||||
| CVE-2023-49203 | 1 Technitium | 1 Dnsserver | 2025-07-10 | N/A | 7.5 HIGH |
| Technitium 11.5.3 allows remote attackers to cause a denial of service (bandwidth amplification) because the DNSBomb manipulation causes accumulation of low-rate DNS queries such that there is a large-sized response in a burst of traffic. | |||||
| CVE-2025-21008 | 1 Samsung | 1 Android | 2025-07-10 | N/A | 5.5 MEDIUM |
| Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption. | |||||
| CVE-2024-36350 | 2025-07-10 | N/A | 5.6 MEDIUM | ||
| A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. | |||||
| CVE-2024-36348 | 2025-07-10 | N/A | 3.8 LOW | ||
| A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage. | |||||
| CVE-2025-47988 | 2025-07-10 | N/A | 7.5 HIGH | ||
| Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network. | |||||
| CVE-2024-36349 | 2025-07-10 | N/A | 3.8 LOW | ||
| A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage. | |||||
| CVE-2025-47178 | 2025-07-10 | N/A | 8.0 HIGH | ||
| Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network. | |||||
| CVE-2025-21195 | 2025-07-10 | N/A | 6.0 MEDIUM | ||
| Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2024-36357 | 2025-07-10 | N/A | 5.6 MEDIUM | ||
| A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries. | |||||
| CVE-2025-49731 | 2025-07-10 | N/A | 3.1 LOW | ||
| Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-7214 | 2025-07-10 | 0.8 LOW | 1.6 LOW | ||
| A vulnerability classified as problematic was found in FNKvision FNK-GU2 up to 40.1.7. Affected by this vulnerability is an unknown functionality of the file /etc/shadow of the component MD5. The manipulation leads to risky cryptographic algorithm. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0928 | 2025-07-10 | N/A | 8.8 HIGH | ||
| In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution. | |||||
| CVE-2025-7059 | 2025-07-10 | N/A | 6.4 MEDIUM | ||
| The Simple Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slideshow’ parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-7215 | 2025-07-10 | 0.8 LOW | 1.6 LOW | ||
| A vulnerability, which was classified as problematic, has been found in FNKvision FNK-GU2 up to 40.1.7. Affected by this issue is some unknown functionality of the file /rom/wpa_supplicant.conf. The manipulation leads to cleartext storage of sensitive information. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||